[Help-gnutls] Beginner Questions

Kip Warner Kip at TheVertigo.com
Fri Oct 12 21:32:17 CEST 2007


Greetings,

I am new to GnuTLS and I am slowly learning more about cryptography in
general. I would like to build both a client and server application,
with the following security constraints:

- The server needn't authenticate the client because it doesn't care who
it is.

- The client, however, needs to be sure that the server it connected to
really is the genuine server and not an impostor. The IP address of the
server machine may change from time to time (it is on DHCP), but the
server machine itself will always be the same. It will be identified by
hostname.

- The communication between the two should be encrypted and sent over
the wire via TLS 1.1.

The protocol the two will use will be my own text-based protocol handled
through gnutls_record_recv() / gnutls_record_send(). I am using the
sample "Echo Server with OpenPGP Authentication" as a starting point for
implementing the server. I just hope this is the right kind of basic
skeleton model I should be using for pedagogical purposes. Do you think
this is sufficient?

http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-OpenPGP-authentication.html

I have gone through some of the OpenSSL documentation and GnuTLS's
documentation on certtool, but I am still confused about how to generate
the three files mentioned at the beginning of the server's source. I
cannot seem to find any mention of their creation anywhere. Could be
that I am just looking in all the wrong places:

#define KEYFILE "secret.asc"
#define CERTFILE "public.asc"
#define RINGFILE "ring.gpg"

But just as importantly, what does each of these really mean? (I kind of
understand the public and secret files, but not really the keyring;
nevertheless, I do not feel confident in my understanding of any of the
three.) Also, where should these three files reside? What should the
client have and what should the server have available to them on disk?

Thank you for any guidance you can provide.

-- 
Kip Warner
Software Engineer
http://www.thevertigo.com